feature: Support for snapped versions of Firefox and Chromium #335
Conversation
|
@graysky2, could you please take a look? |
|
Converted to draft. Work in progress. This solution needs more testing due to possible race conditions during system startup. PSD service may start before Snap-related services, so Possible solutions (at the time being):
|
|
As far as I can understand, the creation of Added This pull request is ready for review. |
Added `--mkpath` parameter to `rsync` to ensure the initial sync not fail.
…raysky2#336. As AppArmor profiles allow access only to `$XDG_RUNTIME_DIR/snap.$SNAP_INSTANCE_NAME/`, added a so-called "path traversal" to place profiles of snapped browsers exactly into respective `$XDG_RUNTIME_DIR/snap.$SNAP_INSTANCE_NAME/` subdirectories.
vasilev
force-pushed
the
support_for_snap_Firefox_and_Chromium
branch
from
91c1e61
to
ec345b0
Compare
|
According to this article , https://gihyo.jp/admin/serial/01/ubuntu-recipe/0714 This is maybe hint. |
In response to Canonical's high-pressure selling of Snapcraft.
Snap in brief
Snap applies auto-generated AppArmor profiles located in
/var/lib/snapd/apparmor/profiles/. Profile template and data to populate the template.These profiles restrict access to
$XDG_RUNTIME_DIR(as reported in #247), and at the same time allow access to specific$XDG_RUNTIME_DIR's subdirectories, so$XDG_RUNTIME_DIR/snap.firefox/is accessible to snapped Firefox, and$XDG_RUNTIME_DIR/snap.chromium/is accessible to snapped Chromium.Browser profiles are located in
~/snap/$SNAP_INSTANCE_NAME/common/(~/snap/firefox/common/and~/snap/chromium/common/respectively).Possible solution
To comply with AppArmor restrictions mentioned above the in-memory part needs to be rerouted from the root of
$VOLATILEto respective subdirectories of it.Tested on Ubuntu 22.04.1 .